muell200
20.06.07, 14:45
hallo
ich will einen samba server in ein windows 2003 ads einbinden.
folgendes geht:
kinit Admin@DOMAENE.LOCAL -> ich erhalte ein ticket
wbinfo -u -> ich sehe die windows user
getnet passwd -> ich sehe die windows user
net ads join -U Adminsitrator -> samba wird in ads aufgenommen
ich schaffe es aber nicht auf eine samba-freigabe mit einem ad-user zuzugreifen. -> in log steht NT_STATUS_NO_SUCH_USER
folgende einstellung:
smb.conf
[global]
workgroup = DOMAENE
netbios name = SAMBA-W
server string = SAMBA-W
encrypt passwords = Yes
map to guest = Bad User
keepalive = 30
os level = 2
kernel oplocks = No
default case = lower
preserve case = no
short preserve case = no
follow symlinks = no
security = ADS
realm = DOMAENE.LOCAL
idmap uid = 10000-15000
idmap gid = 10000-15000
winbind separator = /
winbind use default domain = yes
password server = pdc.domaene.local
client use spnego = yes
winbind enum users = Yes
[test]
comment = testfreigabe
path = /test
read only = Yes
krb5.conf
[libdefaults]
default_realm = DOMAENE.LOCAL
[realms]
DOMAENE.LOCAL = {
kdc = PDC.DOMAENE.LOCAL
default_domain = domaene.local
}
[domain_realm]
.domaene.local = DOMAENE.LOCAL
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimun_uid = 0
debug = false
}
auszug aus den logs:
[2007/06/20 12:39:32, 2] smbd/service.c:make_connection_snum(323)
guest user (from session setup) not permitted to access this share (test)
[2007/06/20 12:39:32, 2] smbd/server.c:exit_server(614)
Closing connections
[2007/06/20 12:41:27, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2007/06/20 12:41:27, 2] smbd/service.c:make_connection_snum(323)
guest user (from session setup) not permitted to access this share (test)
[2007/06/20 12:41:27, 2] smbd/server.c:exit_server(614)
Closing connections
[2007/06/20 12:42:47, 0] auth/auth_util.c:make_server_info_info3(1297)
make_server_info_info3: pdb_init_sam failed!
[2007/06/20 12:42:47, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/06/20 12:42:47, 2] smbd/service.c:make_connection_snum(323)
guest user (from session setup) not permitted to access this share (test)
[2007/06/20 12:42:47, 2] smbd/server.c:exit_server(614)
Closing connections
hat mir jemand ein tip, warum das nicht geht?
samba: 3.0.22-13.30
system: sles10
vorab danke
ich will einen samba server in ein windows 2003 ads einbinden.
folgendes geht:
kinit Admin@DOMAENE.LOCAL -> ich erhalte ein ticket
wbinfo -u -> ich sehe die windows user
getnet passwd -> ich sehe die windows user
net ads join -U Adminsitrator -> samba wird in ads aufgenommen
ich schaffe es aber nicht auf eine samba-freigabe mit einem ad-user zuzugreifen. -> in log steht NT_STATUS_NO_SUCH_USER
folgende einstellung:
smb.conf
[global]
workgroup = DOMAENE
netbios name = SAMBA-W
server string = SAMBA-W
encrypt passwords = Yes
map to guest = Bad User
keepalive = 30
os level = 2
kernel oplocks = No
default case = lower
preserve case = no
short preserve case = no
follow symlinks = no
security = ADS
realm = DOMAENE.LOCAL
idmap uid = 10000-15000
idmap gid = 10000-15000
winbind separator = /
winbind use default domain = yes
password server = pdc.domaene.local
client use spnego = yes
winbind enum users = Yes
[test]
comment = testfreigabe
path = /test
read only = Yes
krb5.conf
[libdefaults]
default_realm = DOMAENE.LOCAL
[realms]
DOMAENE.LOCAL = {
kdc = PDC.DOMAENE.LOCAL
default_domain = domaene.local
}
[domain_realm]
.domaene.local = DOMAENE.LOCAL
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimun_uid = 0
debug = false
}
auszug aus den logs:
[2007/06/20 12:39:32, 2] smbd/service.c:make_connection_snum(323)
guest user (from session setup) not permitted to access this share (test)
[2007/06/20 12:39:32, 2] smbd/server.c:exit_server(614)
Closing connections
[2007/06/20 12:41:27, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2007/06/20 12:41:27, 2] smbd/service.c:make_connection_snum(323)
guest user (from session setup) not permitted to access this share (test)
[2007/06/20 12:41:27, 2] smbd/server.c:exit_server(614)
Closing connections
[2007/06/20 12:42:47, 0] auth/auth_util.c:make_server_info_info3(1297)
make_server_info_info3: pdb_init_sam failed!
[2007/06/20 12:42:47, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_NO_SUCH_USER
[2007/06/20 12:42:47, 2] smbd/service.c:make_connection_snum(323)
guest user (from session setup) not permitted to access this share (test)
[2007/06/20 12:42:47, 2] smbd/server.c:exit_server(614)
Closing connections
hat mir jemand ein tip, warum das nicht geht?
samba: 3.0.22-13.30
system: sles10
vorab danke